nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 17:38:00 +00:00
Code Issues Projects Releases Wiki Activity
115686527c
putty-source/sshserver.h
Simon Tatham 96f1fb9456 New application: 'psusan', the PROT_SSHCONN server end. 
In the previous commit I introduced the ability for PuTTY to talk to a
server speaking the bare ssh-connection protocol, and listed several
applications for that ability. But none of those applications is any
use without a server that speaks the same protocol. Until now, the
only such server has been the Unix-domain socket presented by an
upstream connection-sharing PuTTY - and we already had a way to
connect to that.

So here's the missing piece: by reusing code that already existed for
the testing SSH server Uppity, I've created a program that will speak
the bare ssh-connection protocol on its standard I/O channels. If you
want to get a shell session over any of the transports I mentioned in
the last commit, this is the program you need to run at the far end of
it.

I have yet to write the documentation, but just in case I forget, the
name stands for 'Pseudo Ssh for Untappable, Separately Authenticated
Networks'.
2020-02-22 18:42:13 +00:00

133 lines
5.2 KiB
C
Raw Blame History

typedef struct AuthPolicy AuthPolicy;
struct SshServerConfig {
const char *session_starting_dir;
RSAKey *rsa_kex_key;
/*
* In all of these ptrlens, setting the 'ptr' member to NULL means
* that we're not overriding the default configuration.
*/
ptrlen banner; /* default here is 'no banner' */
ptrlen kex_override[NKEXLIST];
bool exit_signal_numeric; /* mimic an old server bug */
unsigned long ssh1_cipher_mask;
bool ssh1_allow_compression;
bool bare_connection;
};
Plug *ssh_server_plug(
Conf *conf, const SshServerConfig *ssc,
ssh_key *const *hostkeys, int nhostkeys,
RSAKey *hostkey1, AuthPolicy *authpolicy, LogPolicy *logpolicy,
const SftpServerVtable *sftpserver_vt);
void ssh_server_start(Plug *plug, Socket *socket);
void server_instance_terminated(LogPolicy *logpolicy);
void platform_logevent(const char *msg);
#define AUTHMETHODS(X) \
X(NONE) \
X(PASSWORD) \
X(PUBLICKEY) \
X(KBDINT) \
X(TIS) \
X(CRYPTOCARD) \
/* end of list */
#define AUTHMETHOD_BIT_INDEX(name) AUTHMETHOD_BIT_INDEX_##name,
enum { AUTHMETHODS(AUTHMETHOD_BIT_INDEX) AUTHMETHOD_BIT_INDEX_dummy };
#define AUTHMETHOD_BIT_VALUE(name) \
AUTHMETHOD_##name = 1 << AUTHMETHOD_BIT_INDEX_##name,
enum { AUTHMETHODS(AUTHMETHOD_BIT_VALUE) AUTHMETHOD_BIT_VALUE_dummy };
typedef struct AuthKbdInt AuthKbdInt;
typedef struct AuthKbdIntPrompt AuthKbdIntPrompt;
struct AuthKbdInt {
char *title, *instruction; /* both need freeing */
int nprompts;
AuthKbdIntPrompt *prompts; /* the array itself needs freeing */
};
struct AuthKbdIntPrompt {
char *prompt; /* needs freeing */
bool echo;
};
unsigned auth_methods(AuthPolicy *);
bool auth_none(AuthPolicy *, ptrlen username);
int auth_password(AuthPolicy *, ptrlen username, ptrlen password,
ptrlen *opt_new_password);
/* auth_password returns 1 for 'accepted', 0 for 'rejected', and 2 for
* 'ok but now you need to change your password' */
bool auth_publickey(AuthPolicy *, ptrlen username, ptrlen public_blob);
/* auth_publickey_ssh1 must return the whole public key given the modulus,
* because the SSH-1 client never transmits the exponent over the wire.
* The key remains owned by the AuthPolicy. */
AuthKbdInt *auth_kbdint_prompts(AuthPolicy *, ptrlen username);
/* auth_kbdint_prompts returns NULL to trigger auth failure */
int auth_kbdint_responses(AuthPolicy *, const ptrlen *responses);
/* auth_kbdint_responses returns >0 for success, <0 for failure, and 0
* to indicate that we haven't decided yet and further prompts are
* coming */
/* The very similar SSH-1 TIS and CryptoCard methods are combined into
* a single API for AuthPolicy, which takes a method argument */
char *auth_ssh1int_challenge(AuthPolicy *, unsigned method, ptrlen username);
bool auth_ssh1int_response(AuthPolicy *, ptrlen response);
RSAKey *auth_publickey_ssh1(
AuthPolicy *ap, ptrlen username, mp_int *rsa_modulus);
/* auth_successful returns false if further authentication is needed */
bool auth_successful(AuthPolicy *, ptrlen username, unsigned method);
PacketProtocolLayer *ssh2_userauth_server_new(
PacketProtocolLayer *successor_layer, AuthPolicy *authpolicy,
const SshServerConfig *ssc);
void ssh2_userauth_server_set_transport_layer(
PacketProtocolLayer *userauth, PacketProtocolLayer *transport);
void ssh2connection_server_configure(
PacketProtocolLayer *ppl, const SftpServerVtable *sftpserver_vt,
const SshServerConfig *ssc);
void ssh1connection_server_configure(
PacketProtocolLayer *ppl, const SshServerConfig *ssc);
PacketProtocolLayer *ssh1_login_server_new(
PacketProtocolLayer *successor_layer, RSAKey *hostkey,
AuthPolicy *authpolicy, const SshServerConfig *ssc);
Channel *sesschan_new(SshChannel *c, LogContext *logctx,
const SftpServerVtable *sftpserver_vt,
const SshServerConfig *ssc);
Backend *pty_backend_create(
Seat *seat, LogContext *logctx, Conf *conf, char **argv, const char *cmd,
struct ssh_ttymodes ttymodes, bool pipes_instead_of_pty, const char *dir,
const char *const *env_vars_to_unset);
int pty_backend_exit_signum(Backend *be);
ptrlen pty_backend_exit_signame(Backend *be, char **aux_msg);
/*
* Establish a listening X server. Return value is the _number_ of
* Sockets that it established pointing at the given Plug. (0
* indicates complete failure.) The socket pointers themselves are
* written into sockets[], up to a possible total of MAX_X11_SOCKETS.
*
* The supplied Conf has necessary environment variables written into
* it. (And is also used to open the port listeners, though that
* shouldn't affect anything.)
*/
#define MAX_X11_SOCKETS 2
int platform_make_x11_server(Plug *plug, const char *progname, int mindisp,
const char *screen_number_suffix,
ptrlen authproto, ptrlen authdata,
Socket **sockets, Conf *conf);
Conf *make_ssh_server_conf(void);
Reference in New Issue View Git Blame Copy Permalink